[elrepo] Announcement: EL7 New kernel-ml Release [4.15.0-1]

Phil Perry phil at elrepo.org
Wed Jan 31 07:18:18 EST 2018


On 30/01/18 23:47, Lachlan Musicman wrote:
> On 31 Jan. 2018 10:35 am, "Sam McLeod" <mailinglists at smcleod.net 
> <mailto:mailinglists at smcleod.net>> wrote:
> 
>     Hi Trevor,
> 
>     I didn't think that to compile a kernel with IBRS/IBPB your
>     /compiler/ had to be updated as well?
>     I thought that was a seperate issue but perhaps I'm mistaken.
> 
> 
> Yes, it does require a newer compiler...you can see the details of why here:
> 
> https://support.google.com/faqs/answer/7625886
> 
> Cheers
> L.
> 

No, not to my understanding. IBRS and retpoline are 2 separate ways of 
mitigating Spectre Variant 2. They are not linked or related.

The IBRS method is dependant upon kernel patches AND updated hardware 
microcode.

The retpoline method is dependant upon kernel patches AND an 
updated/patched compiler.

At present, the distro kernel has the IBRS patches backported to it by 
Red Hat so is dependant upon the availability of updated hardware 
microcode to be effective (which Intel recently pulled)

Kernel-ml has the retpoline patches but at present RHEL does not have a 
retpoline-aware compiler. The upstream kernel code (kernel.org) does not 
currently contain the IBRS patches that Red Hat have incorporated into 
the distro kernel.

Hence at present there is no viable mitigation available for Spectre 
Variant 2 for most users, regardless of whether you are running the 
distro kernel or kernel-ml.

Hope that helps.



More information about the elrepo mailing list